Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
GR-PO-SEC-C-Windows10 ENT Applocker Full Control
Data collected on: 2-9-2025 09:49:52
General
Details
Domainemea.tpg.ads
OwnerEMEA\tentolouris.5-adm
Created30-9-2020 12:56:56
Modified8-4-2025 14:31:08
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions215 (AD), 215 (SYSVOL)
Unique ID{dffff58f-b54c-4b65-9a46-58a137552256}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ClientsYesEnabledemea.tpg.ads/GR/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\GR-L-SEC-Windows Enterprise FULL Applocker Control
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\GR-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\GR-L-SEC-Windows Enterprise FULL Applocker ControlRead (from Security Filtering)No
EMEA\tentolouris.5-admEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
System Services
Application Identity (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
File System
%ProgramFiles%\WindowsApps
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersRead and ExecuteThis folder, subfolders and files
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESRead and ExecuteThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemRoot%\ImmersiveControlPanel
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESRead and ExecuteThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersRead and ExecuteThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
Application Control Policies
Appx Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
AllowEveryoneMSTeams, from MicrosoftPublisherNo
AllowEMEA\GR-L-SEC-Apps Cortana AllowedMicrosoft.Windows.Cortana, from Microsoft CorporationPublisherNo
AllowEMEA\GR-G-ORG-USERS AccountingSigned by *PublisherNo
AllowEMEA\GR-L-SEC-Apps MicrosoftSwayMicrosoft.Office.Sway, from Microsoft CorporationPublisherNo
DenyEMEA\GR-L-SEC-Restricted Search on Start menuMicrosoft.Windows.CloudExperienceHost, from Email, phone, or SkypePublisherNo
AllowEMEA\GR-L-SEC-Apps ScreenRecorderProWin10 Allowed57506winuwp.ScreenRecorderProForWin10, from winuwpPublisherNo
AllowEMEA\GR-L-SEC-Apps Win Experience Pack AllowedMicrosoftWindows.Client.CBS, from Microsoft WindowsPublisherNo
AllowEMEA\GR-L-SEC-Apps Microsoft.Paint AllowedMicrosoft.Paint, from Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.PeopleExperienceHost, from Microsoft CorporationPublisherNo
AllowBUILTIN\AdministratorsSigned by *PublisherNo
AllowEveryoneMicrosoftWindows.Client.CBS, from Microsoft WindowsPublisherNo
AllowEMEA\GR-L-SEC-Apps MicrosoftToDo AllowedMicrosoft.Todos, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps MSAccountsControl AllowedMicrosoft.Windows.CloudExperienceHost, from Email, phone, or SkypePublisherNo
AllowEMEA\GR-G-ORG-Remote Admin UsersSigned by *PublisherNo
AllowEveryoneMicrosoft.Windows.StartMenuExperienceHost, from ms-resource:StartMenuExperienceHost/PublisherDisplayNamePublisherNo
AllowEveryonewindows.immersivecontrolpanel, from Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.Apprep.ChxApp, from Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.ShellExperienceHost, from Microsoft CorporationPublisherNo
DenyEMEA\GR-G-ORG-USERS Facebook Sups QA Baseline RestrictionsMicrosoft.MicrosoftEdge.Stable, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps OneNote AllowedMicrosoft.Office.OneNote, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps Microsoft Copilot AllowedMicrosoft.Copilot, from Microsoft CorporationPublisherNo
DenyEMEA\GR-L-SEC-Restricted Search on Start menuMicrosoft.Windows.ContentDeliveryManager, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps WinOTP Authenticator Allowed34135VladimirAkopyan.WinOTPAuthenticator, from Vladimir AkopyanPublisherNo
AllowEMEA\GR-L-SEC-Apps Snip & Sketch AllowedMicrosoft.ScreenSketch, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps Photos AllowedMicrosoft.Windows.Photos, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps DesktopAppInstallerMicrosoft.DesktopAppInstaller, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps Xbox Game Bar AllowedMicrosoft.XboxGamingOverlay, from Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.WindowsCalculator, from Microsoft CorporationPublisherNo
DenyEMEA\GR-L-SEC-Restricted Search on Start menuMicrosoft.Windows.Search, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps Search AllowedMicrosoft.Windows.Search, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps WindowsCommunicationAppsmicrosoft.windowscommunicationsapps, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps Sticky Notes AllowedMicrosoft.MicrosoftStickyNotes, from Microsoft CorporationPublisherNo
AllowEMEA\GR-G-ORG-IT-Systems-ADMSigned by *PublisherNo
AllowEveryoneWindows.PrintDialog, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps Camera AllowedMicrosoft.WindowsCamera, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps 3DPaint AllowedMicrosoft.MSPaint, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps MSAccountsControl AllowedMicrosoft.AccountsControl, from Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.WindowsStore, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps PDF Reader Kdan Mobile Allowed0D9A1B2D.PDFReaderUWP, from Kdan Mobile Software Ltd.PublisherNo
AllowEMEA\GR-L-SEC-Apps Groove Music AllowedMicrosoft.ZuneMusic, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps OneDrive Allowedmicrosoft.microsoftskydrive, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps Trello Allowed45273LiamForsyth.PawsforTrello, from Trello, Inc.PublisherNo
AllowEveryoneInputApp, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps Whiteboard AllowedMicrosoft.Whiteboard, from Microsoft CorporationPublisherNo
AllowEMEA\GR-G-ORG-ITSigned by *PublisherNo
AllowNT AUTHORITY\SYSTEMSigned by *PublisherNo
AllowEveryoneMicrosoft.LockApp, from Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.AAD.BrokerPlugin, from Assigned by your organizationPublisherNo
AllowEMEA\GR-L-SEC-Apps MicrosoftSmartCardManagerMicrosoft.MicrosoftSmartCardManager, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps WhatsApp Allowed5319275A.WhatsAppDesktop, from WhatsApp Inc.PublisherNo
AllowEveryoneWavesAudio.MaxxAudioProforDell2019, from Waves AudioPublisherNo
AllowEveryoneMicrosoft.MicrosoftEdge, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps Calculator AllowedMicrosoft.WindowsCalculator, from Microsoft CorporationPublisherNo
DenyEMEA\GR-G-ORG-USERS Facebook Sups QA Baseline RestrictionsMicrosoft.MicrosoftEdge, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps MSNotepad AllowedMicrosoft.WindowsNotepad, from Microsoft CorporationPublisherNo
AllowEMEA\GR-L-SEC-Apps MobilePASS Allowed05EB1CFA.SafeNetMobilePASS, from Gemalto Pte LtdPublisherNo
Dll Rules
No rules of type 'Dll Rules' are defined.
Executable Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
DenyEMEA\GR-L-SEC-AppsRestrict WordPad NotepadWORDPAD.EXE, in MICROSOFT® WINDOWS® OPERATING SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneMICROSOFT TEAMS UPDATE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\GR-G-ORG-USERS Facebook Sups QA Baseline RestrictionsIEXPLORE.EXE, in INTERNET EXPLORER, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\GR-L-SEC-AppsRestrict WordPad NotepadNOTEPAD.EXE, in MICROSOFT® WINDOWS® OPERATING SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneMICROSOFT TEAMS, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\GR-G-ORG-USERS Facebook Sups QA Baseline RestrictionsTEAMS.EXE, in MICROSOFT TEAMS, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\GR-G-ORG-USERS Facebook Sups QA Baseline RestrictionsUPDATE.EXE, in MICROSOFT TEAMS UPDATE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\GR-G-ORG-USERS Facebook Sups QA Baseline RestrictionsMSEDGE.EXE, in MICROSOFT EDGE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\GR-G-ORG-USERS Supervisors Baseline Restrictions V2*PathYes
DenyEMEA\GR-G-ORG-USERS Trainers Baseline Restrictions*PathYes
DenyEMEA\GR-G-ORG-USERS QA Baseline Restrictions*PathYes
DenyEMEA\tentolouris.5-testtentolouris.5-test testPathYes
DenyEMEA\GR-G-ORG-USERS QA Baseline Restrictions V2*PathYes
DenyEMEA\GR-G-ORG-USERS ALL Restrict Mgmt AccessRestricted Access for MGMTPathYes
AllowEveryone(Default Rule) All files located in the Program Files folderPathNo
DenyEMEA\GR-L-SEC-AppsRestrict SnippingTool%SYSTEM32%\SnippingTool.exePathNo
AllowEveryone(Default Rule) All files located in the Windows folderPathNo
DenyEMEA\GR-L-SEC-AppsRestrict CMD&Powershell%SYSTEM32%\WindowsPowerShell\v1.0\powershell_ise.exePathNo
DenyEMEA\GR-G-ORG-USERS Stihl AgentsDeny Stihl AgentsPathYes
AllowEveryone*PathNo
DenyEMEA\GR-L-SEC-AppsRestrict CMD&Powershell%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exePathNo
AllowBUILTIN\Administrators(Default Rule) All filesPathNo
Windows Installer Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
AllowEveryone(Default Rule) All digitally signed Windows Installer filesPublisherNo
DenyEMEA\GR-G-ORG-USERS ALL Restrict Mgmt AccessRestricted Access for MGMTPathYes
DenyEMEA\GR-G-ORG-USERS Supervisors Baseline Restrictions V2*PathYes
DenyEMEA\GR-G-ORG-USERS QA Baseline Restrictions V2*PathYes
DenyEMEA\GR-G-ORG-USERS Stihl AgentsStihl AgentsPathYes
AllowEveryone(Default Rule) All Windows Installer files in %systemdrive%\Windows\InstallerPathNo
AllowBUILTIN\Administrators(Default Rule) All Windows Installer filesPathNo
AllowEveryoneAllow AllPathNo
DenyEMEA\GR-G-ORG-USERS Trainers Baseline Restrictions*PathYes
Script Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
AllowEveryone(Default Rule) All scripts located in the Program Files folderPathNo
DenyEMEA\GR-G-ORG-USERS Supervisors Baseline Restrictions V2*PathYes
DenyEMEA\GR-G-ORG-USERS Stihl AgentsStihl AgentsPathYes
DenyEMEA\GR-G-ORG-USERS Trainers Baseline Restrictions*PathYes
DenyEMEA\GR-G-ORG-USERS ALL Restrict Mgmt AccessRestricted Access for MGMTPathYes
AllowEveryone(Default Rule) All scripts located in the Windows folderPathNo
AllowEveryoneAllow AllPathNo
DenyEMEA\GR-G-ORG-USERS QA Baseline Restrictions V2*PathYes
AllowBUILTIN\Administrators(Default Rule) All scriptsPathNo
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
System
PolicySettingComment
Specify settings for optional component installation and component repairEnabled
Alternate source file path
Never attempt to download payload from Windows UpdateDisabled
Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)Enabled
Windows Components/Store
PolicySettingComment
Turn off the Store applicationDisabled
Windows Components/Windows Update/Manage updates offered from Windows Server Update Service
PolicySettingComment
Do not connect to any Windows Update Internet locationsDisabled
Preferences
Windows Settings
Registry
DisableStoreApps (Order: 1)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\WindowsStore
Value nameDisableStoreApps
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
User Configuration (Enabled)
No settings defined.